Pages

Thursday, May 20, 2010

This post is going to be an easy read because I don't have any time to update the blog at the moment - so just look at the pictures.

Most people who've spent any time with me on the computer know that I hate anti-virus products because I think that they spend too much time slowing down the system without any guarantee of actually fixing the problem.

Here's an example which just happened about five minutes ago.

I received an email containing an obviously bad file. It passed neatly through our external scanning system which consists of SEVERAL different anti-virus and anti-spam filters.

I knew it would be a virus, so I saved it to my hard drive.

You can see that it has a Microsoft Word icon but that it ends in .EXE.

If you accept the windows default to hide extensions for known file types, you'll never see the EXE and you might even be fooled into thinking that _doc is the same as .doc.

So...

I right clicked on the file and chose scan from the context menu.

As mentioned before, I've got too issues with anti-virus software.

The first is that they waste time. It took ages to scan this ONE file because the engine had to scan memory AND 65 other files (which it should be scanning as part of it's normal procedures - not as part of my ad-hoc request).

The second issue is that they tend to miss viruses.

You can see that this one didn't find the virus.

Even worse, I updated the anti-virus signatures only seconds before initiating the scan. This is something that most users won't do.

I chased the virus up on other sites and found a note to say that McAfee knew about it (though they didn't call it by the same name). A quick search on the internet found this at a different anti-virus site...

They've known about the virus (or a variant of it) at least since March 2009. That's right, more than a year ago.

I found information on the virus going back to 2005.

Since we pay our license fees and since we do our updates, why aren't we entitled to detection?